Linux Memory Analysis

The output of a memory acquisition tool is a memory image, which contains the raw physical memory of a system. A wide variety of tools can be used to search for strings or other patterns in a memory image, but extracting higher-level information about the state of the system requires a memory analysis tool.

Linux Memory Analysis Tools

Active Open Source Projects:

The Volatility Framework is a collection of tools, implemented in Python, for the extraction of digital artifacts from volatile memory (RAM) samples. See the LinuxMemoryForensics page on the Volatility wiki. (Availability/License: GNU GPL)